[tor-talk] Giving Hidden Services some love

s7r s7r at sky-ip.org
Fri Jan 2 23:55:38 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Now why would we use https on top of a Tor Hidden Service?

http://foo.onion is not the same as http://foo.com

The regular internet (clearnet) domains, when used with http, do not
provide any kind of encryption or authentication and are vulnerable to
man in the middle attacks and wiretapping.

.onion Tor Hidden Services _already provide end to end encryption and
authentication_ when used with the default http. They are not
vulnerable to man in the middle attacks or hijacks. On top of this
primary layer of encryption, there are more crypto layers in the Tor
circuits connecting a client to a hidden service.

Maybe the crypto currently used in hidden services is not considered
_very_ strong with nowadays available computing power, but adding an
additional layer of encryption using the commercial CA model seams
like the wrong way to do it. Why? Because facebook did it (they were
the first ones as far as I Know), it means now this is somehow a
requirement?

I encourage the work on new generation hidden services, which will
have better security and better end to end crypto. We do not need
commercial CA's in a Tor hidden services for various reasons,
including but not being limited to the fact that when you purchase a
SSL certificate you leave another money trail and provide details to
make a payment / place an order, hurting the anonymity of a hidden
service. Why would you pay for something which Tor already does, and
even does it better?

P.S. I personally have _way more trust_ in the RSA1024 and SHA1
implementation used in current Tor Hidden Services design than in a
publicly available CA.

Rather than spending time to convince commercial CAs to sign .onion
domains, better spend that time to find sponsors in order to enable
coders and skilled persons to work on next generation hidden services.


On 1/3/2015 1:23 AM, Josef 'veloc1ty' Stautner wrote:
> Why does Tor have to setup an official CA and passing some audits?
> Are they even public?
> 
> And why should Tor even rely on that broken CA system? In my
> opinion a self signed certificate is the best way at the moment to
> ship. The tor developers should invest some time in the CA topic
> after Tor becomes a well-known and accpeted network.
> 
> ~Josef
> 
> Am 03.01.2015 um 00:06 schrieb Moritz Bartl:
>> On 01/02/2015 06:03 AM, Virgil Griffith wrote:
>>> Being a CA for .onion seems a reasonable thing to be.  Should
>>> someone already part of the Tor community like torservers.net
>>> become that CA?
>> I don't think becoming an official CA (ie. passing the audits
>> required for inclusion in major browsers) is something we should
>> spend our already limited time on.
>> 
> 
> 
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUpy/6AAoJEIN/pSyBJlsRSHUH/0KlnYp/CC8CuGzSWLra3m6G
d4dy9To1AOLWAnOzZ9H7KSXVxxg8SSHr+fXT35Uz483lxN7204vfGHvXc13mzmXW
Dy9JM7RS5BXz5a3l7/dxm9Ch7gBr6MQLsVLUJ+5aMjvFY0icnO9z1Xu/CMAYnhrx
1aeYNppGY2eiOsZNUUm2pmPYAPGr/cAarOzRlFvTwHsdaj1IfPPtYkO2ZoPLg+6y
HqW+Z+YejwRUZcaksNBdM6qVRjrK80MKX2LfIzU60Mj++chepPpUSYPe1n/5uY6c
udd7spOTccawEgpa/XXwQZNHeCoQYXNZX9evCRSilNzvNudgWA4BK5jXXUoQHt8=
=LbQ9
-----END PGP SIGNATURE-----

More information about the tor-talk mailing list